Connecting Technology and Business.

Message Encryption in O365 is a service that lets you send encrypted emails
to people outside your company. No matter what the destination (Outlook.com,
Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name
it), you can send sensitive business communications with an additional level of
protection against unauthorized access. There are many business situations
where this type of encryption is essential. Here are just a few.

A bank sending credit card statements to customers over email.

An insurance company providing details about the policy to clients.

A mortgage broker requesting financial information from a customer for a
loan application.

A healthcare provider using encrypted messages to send healthcare
information to patients.

An attorney sending confidential information to a client or another attorney.

A consultant sending a contract to a client.

A therapist providing a patient diagnosis to an insurance company.

Office 365 E3 and E4 users will get Office 365 Message Encryption at no
extra cost.

Setting up encryption

Administrators set up transport rules to apply Office 365 Message
Encryption when emails match specified criteria. Transport rules provide great
flexibility and control, and can be managed via a web-based interface or
PowerShell.

Setting up the transport rules is simple. Administrators simply select
the action to apply encryption or remove encryption in the Exchange admin
center.

You set up Office 365 Message Encryption rules in the Exchange admin
center.

Once the admin sets up the rules, whenever anyone in the company sends a
message that matches the conditions, the message is encrypted using Office 365
Message Encryption. The outgoing message is encrypted before it is delivered to
the outside mail server to prevent any spoofing or misdirection.
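
The PowerShell route mentioned above, as an added example that is not part of the original post: one rule applies encryption to matching outbound mail and a second removes it from inbound replies, both created in audit mode first. It assumes a connected Exchange Online PowerShell session with Office 365 Message Encryption enabled; the rule names and keywords are hypothetical.

```powershell
# Added example (not from the original post). Assumes a connected Exchange
# Online PowerShell session with Office 365 Message Encryption enabled.
# Rule names and keywords below are hypothetical.

$encryptRule = 'OME - encrypt sensitive outbound mail'
$decryptRule = 'OME - decrypt inbound replies'

# Names of the rules that already exist, so re-running does not fail.
$existing = Get-TransportRule | Select-Object -ExpandProperty Name

# Rule 1: apply encryption to mail from internal senders to external
# recipients when the subject or body contains one of the listed phrases.
if ($existing -notcontains $encryptRule) {
    $encrypt = @{
        Name                       = $encryptRule
        FromScope                  = 'InOrganization'
        SentToScope                = 'NotInOrganization'
        SubjectOrBodyContainsWords = 'account statement', 'policy number', 'diagnosis'
        ApplyOME                   = $true
        Mode                       = 'Audit'   # log matches only; nothing is encrypted yet
        Comments                   = 'Encrypt sensitive mail to external recipients'
    }
    New-TransportRule @encrypt
}

# Rule 2: remove encryption from mail coming back into the organization,
# so internal users read replies to encrypted messages normally.
if ($existing -notcontains $decryptRule) {
    $decrypt = @{
        Name        = $decryptRule
        FromScope   = 'NotInOrganization'
        SentToScope = 'InOrganization'
        RemoveOME   = $true
        Mode        = 'Audit'
    }
    New-TransportRule @decrypt
}

# Review every rule that applies or removes encryption, with its mode.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.RemoveOME } |
    Format-Table Name, State, Mode, Priority, ApplyOME, RemoveOME -AutoSize

# Once the audit results match what you expect, switch the rules on:
# Set-TransportRule -Identity $encryptRule -Mode Enforce
# Set-TransportRule -Identity $decryptRule -Mode Enforce
```

Audit mode lets you check which messages the conditions match before any recipient receives an encrypted attachment.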

Receiving and responding to encrypted messages

When an external recipient receives an encrypted message from your
company, they see an encrypted attachment and an instruction to view the
encrypted message.

The encrypted message appears as an attachment in a message in the
recipient’s inbox, with instructions for how to view it.

You can open the attachment right from your inbox, and the attachment
opens in a new browser window. To view the message, you just follow the simple
instructions for authenticating via your Office 365 ID or Microsoft Account.

Once you are authenticated, the content of an
encrypted message appears.

The Message Encryption interface, based on Outlook Web App, is modern
and easy to navigate. You can easily find information and perform quick tasks
such as reply, forward, insert, attach, and so on. As an added measure of
protection, when the receiver replies to the sender of the encrypted message or
forwards the message, those emails are also encrypted.

When you reply to an encrypted message you’ve received, your reply is also
encrypted.

Microsoft has added Multi-Factor Authentication for Office 365 to Office
365 Business plans, Enterprise plans, Academic plans, Non-profit plans, and
standalone Office 365 plans, including Exchange Online and SharePoint Online.
This allows organizations with these subscriptions to enable multi-factor
authentication for their Office 365 users without requiring any additional
purchase or subscription.

Multi-factor authentication increases the security of user logins for
cloud services above and beyond just a password. With Multi-Factor
Authentication for Office 365, users are required to acknowledge a phone call,
text message, or an app notification on their smartphone after correctly
entering their password. Only after this second authentication factor has been
satisfied can a user sign in.

Multi-factor authentication is available for Office 365 administrative
roles, for any Office 365 user, and for users who are authenticated from a
federated on-premises directory.

Microsoft has also added App Passwords for users so they can
authenticate from Office desktop applications.

Multi-factor authentication enhances security for Office 365. (Office
365 offers many robust built-in security features for all customers and also
optional controls that enable subscribers to customize their security
preferences. More information about security in Office 365 is available in the
Office 365 Trust Center).

Multi-Factor Authentication for Office 365

On the users and groups page in the Office 365 admin center, you can
enroll users for multi-factor authentication by clicking the Set Multi-factor
authentication requirements: Set up link.

The multi-factor authentication page lists the users and allows you to
enroll a user for multi-factor authentication.

After a user is enabled for multi-factor authentication, they will be
required to configure their second factor of authentication at their next
login. Each subsequent login is enforced and will require use of the password
and phone acknowledgement.

After being enrolled for multi-factor authentication, the next time a
user signs in, they see a message asking them to set up their second
authentication factor.

Any of the following may be used for the second factor of
authentication.

Call my mobile phone. The user receives a phone call that asks
them to press the pound key. Once the pound key is pressed, the user is
logged in.

Text code to my mobile phone. The user receives a text message
containing a six-digit code that they must enter into the portal.

Call my office phone. This is the same as Call my mobile
phone, but it enables the user to select a different phone if they do not
have their mobile phone with them.

Notify me through app. The user configures a smartphone app
and receives a notification in the app asking them to confirm the login.
Smartphone apps are available for Windows Phone, iPhone, and Android
devices.

Show one-time code in app. The same smartphone app is used.
Instead of receiving a notification, the user starts the app and enters
the six-digit code from the app into the portal.

Once a user is signed in, they can change their second factor of
authentication.

The settings menu is the little cog at the top right of the portal
screen. In the settings menu, click the additional security verification
link.

App Passwords in Multi-Factor Authentication for Office 365

Users who are enrolled for multi-factor authentication are required to
configure App Passwords in order to use Office desktop applications, including
Outlook, Lync, Word, Excel, PowerPoint, and OneDrive for Business.

Once an information worker has logged in with multi-factor
authentication, they will be able to create one or more App Passwords for use
in Office client applications. An App Password is a 16-character randomly
generated password that can be used with an Office client application as a way
of increasing security in lieu of the second authentication factor.

App Passwords are not available for use with PowerShell access to Office
365, and they can be turned off entirely for the Office 365 tenant for
customers who have special security policies.

After you’ve created an App Password for an Office desktop application, such as
Outlook, it is indicated in a list in your account.

Many business enterprises grapple with the dilemma of whether to host their
SharePoint on-premises or to settle for what is available on the SharePoint
online services that Microsoft offers in its Office 365 offerings. There is a
third but less considered option – host SharePoint server on the cloud using the
Infrastructure as a Service (IaaS) offered by Microsoft (Azure) or other cloud
players.

Any decision, according to Gartner, must be based on the business objective of
the enterprise rather than any other consideration. As this question gets
complex with the increase in the number of users/user teams, their location,
connectivity, security, compliance, privacy and controllability, Gartner has
published decision frameworks, decision factors and lists of strengths and
weaknesses to help enterprises base their decisions on.

While many enterprises that desired an intranet for their staff have already
invested in SharePoint for an on-premises solution (SharePoint Online was a
late-comer), with the cloud-first principle, Microsoft has started rolling out a
lot of new features in the SharePoint online services. These features have
become attractive and are becoming a deterrent to decisions in favor of an
on-premises solution. Now, a serious decision is looming in the near future for
many enterprises: whether to go for the next upgrade of SharePoint server or to
opt for the cloud services.

Some of the factors that influence a decision are listed hereunder:

Is my enterprise content safe on the cloud?

A number of enterprises are still worried about the security of their content.
With news of data breaches happening all around the web, this is a factor of
grave concern for the enterprises. Many of them still hesitate to consider the
online services as a safe bet and are not ready to move their content to the
cloud due to legal constraints. While Microsoft, one of the most trusted IT
companies in the world, has come up with a lot of information on its trust
center about the various steps it has taken to make the enterprise content
secure and about the various certifications that it has acquired over the years
(http://azure.microsoft.com/en-us/support/trust-center/), it still fails to
offset the fears in the mind of the enterprise decision makers. They would
rather live with their content in their datacenter and risk a breach than trust
it to a third party vendor.

Where is my data?

Many business enterprises that provide services to their customers and clients
are facing this question – where is my data located in the cloud? Many of them
are bound by legal compliance requirements that prohibit them from moving their
data beyond their national boundaries. Customers and clients might consider it
a threat to allow their data to be held in a country that might not align with
their political, religious or cultural convictions. While Microsoft allows
enterprises to choose a zone of their choice for holding their content on the
Azure services, it is not so transparent with respect to the Office 365
services.

How is the connectivity?

While a SharePoint server might require only LAN connectivity, SharePoint
online would require always-online WAN connectivity for accessing content. Many
developing countries are still facing a problem of poor internet connectivity,
which might be a very important factor that influences the decision against
SharePoint online services. While 3G and 4G connectivity is becoming popular
lately in the urban areas, this might not be the case in places that are far
removed from the cities where the manufacturing centers are located – in
industrial estates and export processing zones that have limited connectivity
even today.

How much do I get to store?

SharePoint online provides 500 MB per user subscription apart from the 10 GB
available for the enterprise. This might become a limitation where the
enterprise is content-intensive. While additional space for storage of the
content can be bought from the service provider, this might be considered as an
additional expense and there might not be a predictable upper limit for
budgeting purposes.

Will my search be fast enough?

As SharePoint is made available in a multitenant environment, search
capabilities might be slow and not give the user as good an experience as an
on-premises solution. There is a potential scalability concern when it comes to
the online services.

What limit of customization do I want?

With a SharePoint on-premises solution, there is a possibility of extensive
customization. Enterprises can make the solution as user friendly as possible.
With SharePoint Designer, a lot of apps can be built into the solution to
make the platform a real collaborative entity. SharePoint online provides
limited customization options.

How much am I going to spend?

The online services are available at a fraction of the cost of the on-premises
solution and come in a subscription model. The underlying infrastructure is of
no worry to the enterprise, which does not have to maintain it. The personnel
for maintaining the solution and their skill set requirements become minimal.
An on-premises solution would require a Windows server, the respective client
access licenses, SQL server, the SharePoint server and the client access
licenses and a double investment for high availability scenarios.

How fast do I want to roll out / scale up the solution?

An on-premises SharePoint solution requires detailed architectural planning and
the roll out might take several months. The end-user waiting time for this
solution might at some time sap the enthusiasm of the users. An online solution
would shorten this time significantly as the infrastructure is readily made
available by the service provider. Scaling up and down depending on the
requirement is also possible in an online solution, as it is a pay-for-what-you-use
model. Scaling down on the number of users in an on-premises model will only
reduce the Return on Investment (RoI) significantly.

The third option – Hosting the SharePoint server on the cloud

This might be an option that enterprises want to consider if they are
financially constrained from acquiring fresh hardware or provisioning existing
hardware for this SharePoint solution. In this case, they have to pay not only
the vendor for IaaS but also for the server software licenses and CALs. And the
responsibility of running and upkeep of the solution is on the shoulders of the
internal IT admins.

Azure Active Directory provides single sign-on to thousands
of cloud (SaaS) apps and access to web apps that an enterprise runs on-premises.
Built for ease of use, Azure Active Directory features Multi-Factor
Authentication (MFA), access control based on device health, user location, and
identity, and holistic security reports, audits, and alerts. Azure Active
Directory is available in 3 editions: Free, Basic and Premium.

Benefits of Azure Active Directory

Single sign-on to any cloud and on-premises web app

Azure Active Directory provides secure single sign-on to
cloud and on-premises applications including Microsoft Office 365 and thousands
of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, and
Box.

Easily extend Active Directory to the cloud

Connecting Active Directory and other on-premises directories
to Azure Active Directory takes just a few clicks and helps maintain a
consistent set of users, groups, passwords, and devices across both environments.

Works with iOS, Mac OS X, Android, and Windows devices

Users can launch applications from a personalized web-based access
panel, mobile app, Office 365, or custom company portals using their existing
work credentials, and have the same experience whether they’re working on iOS,
Mac OS X, Android or Windows devices.

Protect sensitive data and apps

Application access security is enhanced using rule-based Azure Multi-Factor
Authentication for both on-premises and cloud applications. Security reporting,
auditing, alerting, and “shadow IT” application discovery help protect the
business. Businesses can also take advantage of unique machine learning-based
capabilities that identify potential threats.

Protect on-premises web apps with secure remote access

Users can access their on-premises web applications from everywhere, and that
access can be protected with multi-factor authentication, conditional access
policies, and group-based access management. They can also access SaaS and
on-premises web apps from the same portal.

Reduce costs and enhance security with self-service

Admins can delegate important tasks such as resetting passwords and the
creation and management of groups to their employees. Providing self-service
application access and password management through verification steps can
reduce helpdesk calls and enhance security.

Enterprise scale and SLA

Azure Active Directory Premium offers enterprise-grade scale
and reliability. As the directory for Office 365, it already hosts hundreds of
millions of users and handles billions of authentications every day. The high
availability service is hosted in globally distributed datacenters in 17
regions, with worldwide technical support that provides a 99.9% SLA.

Empower Users

Business enterprises can enable users to work from any location – corporate office, home
office, on the go, using any device – desktops, laptops, tabs, smartphones.
They can give the users always-on access to all their work resources using a single set of
credentials protected with Multi-Factor Authentication. After a user has signed
in, they get single sign-on access to their apps and data.

Self-service capabilities

Enterprises can minimize support costs and keep users up and running by configuring self-service experiences. With web-based tools such as Access Panel and Password Reset, users can be given a personalized, company-branded portal to access SaaS applications.

Users create and manage their own groups

Admins can empower users to create their own groups, assign members to
groups they own, approve join requests, and more.

Users change and reset their own passwords

Businesses can give all users in their directory the capability to change
and reset their passwords – whether they are in the cloud or on-premises.